For the realization of Internet Supplementary Services (for example, Call Waiting Internet Busy, Subscriber Controlled Input via Internet) information is required (hereinafter called Service Information), which is exchanged between Internet users and PSTN/ISDN exchanges. Thereby there arises the following security demands:
a) the resources of the network of a telecommunications operator (PSTN/ISDN network, internal server net) must be protected against unauthorized access (access by Internet users who are not customers of the telecommunications operator).
b) the source of the service information must be authenticated and the non-falsification of the service information must be verified.
c) the access of the user to the service must be authorized.
Standard methods for the protection of signaling information for Internet supplementary services have not previously existed. Depending on the service different combinations of IP-security methods have been used. In many cases a common secret (for example, a password, a PIN) coded by standard methods (for example, “Transport Layer Security”, RFC 2246) has been transmitted to the server which supports the service as a gateway into the PSTN/ISDN. At this server the password is evaluated based on interfaces to corresponding service related data bases of the PSTN/ISDN network operator, which can be either network central databases (in the gateway server or separate) or databases which are distributed in the networks of the subscriber's exchanges. With such methods requirements b) and c) can be filled, however, not requirement a) at the same time.
Based on the foregoing, it is the general object of the present invention to overcome or improve upon the drawbacks and problems associated with the prior art.